From W3C Wiki

Privacy and verification use case

Edited by Kepeng Li, kepeng.lkp@alibaba-inc.com

Short Description

Using an application (web or native) running on the mobile device, the user reports personal health information to the hospital through the Mobile Health Platform and wants to get advice from a doctor in the hospital.

Actors

  • User: the mobile device owner, who uses an application on the mobile device to obtain mobile health services.
  • Mobile Health Platform: a network entity that provides mobile health services, for example personal health management, online registration, and online shopping for medicines. It communicates with several hospitals.
  • Hospital: provides medical services and owns users’ personal, medical and health data, for example name, address, ID card number, blood pressure, body check results and prescriptions.

Motivation

The Mobile Health Platform should not store or understand the user’s private information, but still needs to perform verification based on the user’s identity information or an SMS verification code.

Basic Flow

User Application                               Mobile Health Platform                                Hospital
|                                                           |                                            |
|   1. Logs in and sends prescription query request ----->  |                                            |
|                                                           |                                            |
|   <-----2.  Asks user to input SMS verification code      |                                            |
|                                                           |                                            |
|   3. User receives and inputs SMS verification code -->   |                                            |
|                                                           | ----                                       |
|                                                           |      | 4. Verify the SMS verification code |
|                                                           | <---                                       |
|                                                           |                                            |
|                                                           |    5.  Sends request for prescription ---> |
|                                                           |                                            |
|                                                           |   <---6.  Response with prescription info  |
|                                                           |                                            |
|  <--- 7.  Response with prescription info                 |                                            |
|                                                           |                                            |

  1. The user logs in to the application (web or native) running on the mobile device and sends a prescription query request to the Mobile Health Platform.
  2. The Mobile Health Platform sends an SMS verification code to the user’s mobile device and asks the user to input the received code. The purpose of this step is to verify that the user owns the registered mobile phone number.
    1. In this step, the Mobile Health Platform should not store the user’s original mobile phone number, but still needs to send out the SMS verification code.
  3. The user receives and inputs the SMS verification code.
  4. The Mobile Health Platform compares the sent and received SMS verification codes and performs the verification.
  5. After successful verification, the Mobile Health Platform sends the prescription query request to the hospital.
  6. The hospital sends back a response with the prescription information.
    1. In this step, the Mobile Health Platform should not be able to understand the private information in the prescription, but the user should be able to understand all of it.
  7. The Mobile Health Platform sends the response with the prescription information to the user.
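As an added illustration of steps 2 to 4 (this code is not part of the W3C wiki page or of any real platform), the following Python model shows how the Mobile Health Platform can verify an SMS code without retaining the phone number or the plaintext code: the number is passed transiently to an SMS gateway, and only a keyed hash of the code, an expiry and an attempt counter are kept per session. The 5-minute lifetime, the 3-attempt limit, the `FakeSmsGateway` stub and the assumption that the phone number arrives with the request are all constructed for the example.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 300   # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3        # assumption: the session is discarded after 3 wrong codes


class FakeSmsGateway:
    """Constructed stand-in for a real SMS gateway; records what it was asked to send."""
    def __init__(self):
        self.sent = []

    def send(self, phone_number, text):
        self.sent.append((phone_number, text))


class MobileHealthPlatform:
    """Steps 2 and 4 of the flow: only a keyed hash of the code, an expiry and an attempt
    counter are kept per session; the phone number and plaintext code are not retained."""
    def __init__(self, sms_gateway, clock=time.time):
        self._secret = secrets.token_bytes(32)  # server-side HMAC key (constructed)
        self._sessions = {}                     # session_id -> record
        self._sms = sms_gateway
        self._clock = clock

    def _tag(self, session_id, code):
        # Bind the code to its session so a tag cannot be replayed across sessions.
        return hmac.new(self._secret, f"{session_id}:{code}".encode(), hashlib.sha256).digest()

    def start_verification(self, phone_number):
        """Step 2: generate a 6-digit code, hand the number to the gateway transiently."""
        session_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self._sessions[session_id] = {
            "tag": self._tag(session_id, code),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        self._sms.send(phone_number, f"Your verification code is {code}")
        return session_id

    def verify(self, session_id, submitted_code):
        """Step 4: constant-time comparison, with expiry, attempt limit and single use."""
        rec = self._sessions.get(session_id)
        if rec is None or self._clock() > rec["expires"]:
            self._sessions.pop(session_id, None)
            return False
        rec["attempts"] += 1
        ok = hmac.compare_digest(rec["tag"], self._tag(session_id, submitted_code))
        if ok or rec["attempts"] >= MAX_ATTEMPTS:
            del self._sessions[session_id]
        return ok
```

The session record never contains the phone number, so a dump of the platform's state after step 2 reveals only an opaque tag and timestamps; a real deployment would additionally rate-limit by client and log verification outcomes without the code itself.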

Pre-conditions

  • The application (web or native) running on the user’s mobile device has a communication channel with the Mobile Health Platform.
  • The user has been to the hospital and the doctor has uploaded the electronic prescription for the user.
  • The Mobile Health Platform has a trusted communication channel with the hospital.

Post-conditions

  • The hospital does not own any user privacy information, but can still perform a second verification of the user.

Requirements

  1. The hospital should not store the user’s private information, including name, identity number, address, mobile phone number, etc.
  2. The hospital should be able to perform a second verification based on the user’s private information, e.g. ask the user to input identity information, or ask the user to input an SMS verification code.
  3. The Mobile Health Platform should not be able to understand the private information in the prescription, but the user should be able to understand all of the prescription information.

Recommendation

The group discusses this privacy-related use case and its requirements, proposes possible solutions, and identifies candidate standardization opportunities arising from them.